I am not surer that everyone wants to see the gory details, but with
Powershell you can accomplish anythign that you would do normally via the
cmd line or interactively, on linux (ssh) and Windows (WMI).
Here is an example that will migrate servers from a test OSSEC server to a
Productin OSSEC server and then register them with the new server (I have
another script that fixes the "any' in the client.keys):
# You must download the module and install it per the directions (google)
Import-Module SSH-Sessions
# Implies that you have a .csv file with all of your servers in it with the
following headers (Product,address,Hostname,Key,User)
# Implies that you have an account on your linux servers with TTY ability
(google sudoers & TTY)
# Load data from .csv into a variable called $servers
$Servers = Import-Csv C:\ISCO\Automate\bin\test_Servers.csv
# loop throuhg each of the lines in the .CSV file and do "Some work"
ForEach ($S in $Servers)
{
# Get IP address from line in file
$I = $S.Address; Write-host $I
#Get Hostname from line in file
$H = $S.Hostname; Write-host $H
#Same ...
$K = $S.key; Write-host $K
#Same ...
$U = $S.user; Write-host $U
# Connect to each computer and provide username and Private key
New-SshSession -ComputerName $I -Username $U -KeyFile $k
#Stop the agent
Invoke-SshCommand -ComputerName $i -Command "sudo
/var/ossec/bin/ossec-control stop" -Verbose
# Replace the Test Server IP with with the Production server IP
Invoke-SshCommand -ComputerName $i -Command "sudo sed -i
's/1.1.1.1/2.2.2.2/g' /var/ossec/etc/ossec.conf" -Verbose
#Register the server with agent with the Production OSSEC manager
server with the host name from the .csv file
Invoke-SshCommand -ComputerName $i -Command "sudo
/var/ossec/bin/agent-auth -m 2.2.2.2-p 1515 -A $H" -Verbose
# Restart the agent
Invoke-SshCommand -ComputerName $i -Command "sudo
/var/ossec/bin/ossec-control start" -Verbose
# display the status of the agent post restart in the Powershell
console.
Invoke-SshCommand -ComputerName $i -Command "sudo
/var/ossec/bin/ossec-control status" -Verbose
# Close and clean up the session
Remove-SshSession $I -Verbose
# As this is a Foreach Loop, it will parse each line of your .csv file
and perform this work on every server until the list is ehausted.
}
So, we can take this offline or keep it here, but I would need to get the
details (requirements) for each process that you are trying to automate. I
am not following what you are trying to do with the Client.Keys on the
agent, but I believe that there is a programatic solution.
Jared
On Thursday, September 19, 2013 2:42:19 PM UTC-4, Chris Lauritzen wrote:
> Jared,
>
> Thanks for the info. I can get Landesk to run powershell so what scripting
> would I need.
>
> On Thursday, September 19, 2013 9:42:01 AM UTC-5, Jared wrote:
>>
>> Chris,
>>
>> Agent / Client = 1 client.keys file with a single entry in it.
>> C:\Program Files (x86)\ossec-agent\client.keys = 1 entry
>>
>> Server / Manager = 1 client.keys files with an entry for every agent that
>> is registered.
>> /var/ossec/etc/client.keys
>>
>> If you are tying to copy the client.keys file from the server to every
>> agent, it will not work (only reads the first line).
>>
>> If you need some scripting automation for installing/configuring OSSEC on
>> Windows and Linux, and can run powershell from your Windows Landesk
>> instance, I can help. Just need to come up with what "success" would look
>> like from requirements perspective and the scripting part is easy.
>>
>> Jared
>>
>>
>>
>> On Thu, Sep 19, 2013 at 10:19 AM, James M. Pulver <[email protected]>wrote:
>>
>>> Yes, each client has a unique client.keys.****
>>>
>>> ** **
>>>
>>> --****
>>>
>>> James Pulver****
>>>
>>> CLASSE Computer Group****
>>>
>>> Cornell University****
>>>
>>> ** **
>>>
>>> *From:* [email protected] [mailto:[email protected]] *On
>>> Behalf Of *Chris Lauritzen
>>> *Sent:* Thursday, September 19, 2013 9:46 AM
>>>
>>> *To:* [email protected]
>>> *Subject:* Re: [ossec-list] Client.keys****
>>>
>>> ** **
>>>
>>> James let get this straight, if I have 3500 pc's to push this out to I
>>> need 3500 client.keys files?
>>>
>>>
>>> On Wednesday, September 18, 2013 5:13:28 PM UTC-5, Michael Starks wrote:
>>> ****
>>>
>>> On 09/18/2013 04:08 PM, Chris Lauritzen wrote:
>>> > Yes the Key have been made. There is a new twist to this now. The
>>> > install is reading the client.keys but is only reading in the first
>>> key
>>> > listed. Every install is pulling only the first key. If I manually add
>>> > the key it works fine. When creating the key I see that the name is
>>> > optional but is it possible that it's looking for the device name and
>>> > when not finding it defaulting to the first entry?
>>>
>>> There should only be one key in the agent's client.keys file--the key
>>> for that agent. ****
>>>
>>> --
>>>
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "ossec-list" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> For more options, visit https://groups.google.com/groups/opt_out.****
>>>
>>> --
>>>
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "ossec-list" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>
>>
>>
>>
>> --
>> Thank you,
>>
>> Jared R. Greene
>>
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
